Overview

overview

7

Static

static

3

3be6b109be...43.exe

windows7-x64

7

3be6b109be...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3be6b109be72f3e9bae6d5c5a46eaa43.exe

  • Size

    1.8MB

  • MD5

    3be6b109be72f3e9bae6d5c5a46eaa43

  • SHA1

    c2a7f36228861c661a18acb06ae0bbcf7263ae71

  • SHA256

    d8d74701ba059feabce2c5b8e24eaa77ac95c27e266028e05f9b3f90092b5a1a

  • SHA512

    83022df6a16c4f4b19b223fb80f1d1c1d3374535b04289679044bb286a3f187e1f4eebbf4c8ea3b17c442636450d9e56f0da208579b300b0a80717d91c1febbe

  • SSDEEP

    49152:4yd4qWw2lrcW7iYsmBrYsDEOMql8q5lomNyi1aq:ZdJWHB8sEdqlf7h1X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3be6b109be72f3e9bae6d5c5a46eaa43.exe
    "C:\Users\Admin\AppData\Local\Temp\3be6b109be72f3e9bae6d5c5a46eaa43.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Users\Admin\AppData\Local\Temp\is-MH387.tmp\3be6b109be72f3e9bae6d5c5a46eaa43.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-MH387.tmp\3be6b109be72f3e9bae6d5c5a46eaa43.tmp" /SL5="$D021C,1624557,58368,C:\Users\Admin\AppData\Local\Temp\3be6b109be72f3e9bae6d5c5a46eaa43.exe"
      2⤵
      • Executes dropped EXE
      PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-MH387.tmp\3be6b109be72f3e9bae6d5c5a46eaa43.tmp
    Filesize

    250KB

    MD5

    df886927716f7f706dc636c4e483cca8

    SHA1

    77215781eb54b299c4107dffca415221f9a9bbfb

    SHA256

    be9ccb62399446631cba398c1547a976468239e1ce166e1d50749cd6a8945f3e

    SHA512

    b2126f2a98ebc3ef8367c97e430e1a8a73cf1fdb87254c4fbe9f2207b9a335e518bfbc94e36937d8dcdd1e50dd6450302e45304e508bfcd4e7985d5f9359dfe9

    Download Submit

  • memory/1232-2-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1232-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1232-8-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4788-6-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4788-9-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/4788-12-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download